G'Day team,
We have been using Crowd (stand alone server mode) for quite a while. We have an existing Directory with a population of about 300+ users. We are days away from enabling the following Crowd Directory parameters against this existing directory:
- Password Regex
- Max password attempts
- Password expiry
- Password history count
I would like to get confirmation that my understanding of the parameters AND rule to come into effect is correct. This is critical for us as we will base our end users communication on this understanding.
1. Password regex: password setup policy that will come into effect in 2 cases: new user setup and password reset/change
2. Max password attempts: when entering an active account password, max number of tries before the account is flagged with attribute requiresPasswordChange = true.
The account remains active.
No specific notification or communication is given to the user about the fact that his account password must be changed
3. Password expiry: time frequency at which an active account password must be changed.
The countdown starts either from the new account setup or last login time.
At expiry time, the account is flagged with attribute requiresPasswordChange = true.
The account remains active.
No specific notification or communication is given to the user about the fact that his account password must be changed
4. Password history count: number of former passwords disallowed when resetting/changing password
What is critical for me is to get your review and feedback on points 1., 2. and 3.
Are all my statements correct ?
Many thanks for your review and reply.
Cheers, Fred
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.